Could big data mean the death of typed passwords?

What if traditional login/password to your favorite websites was replaced by a web app asking you to talk for one second, or to get you picture taken from your laptop camera, or to check your fingerprint on your laptop touch screen? Your one-second voice message or your image of your fingerprint could then be encoded using a combination of several metrics and stored in a database for further login validation.

The idea is to replace traditional login/password (not a secure way to connect to a web site), with much more secure technology, which would apply everywhere on any computer, laptop, cell phone or device where this ID checking app would be installed.

Also, the old fashioned login/password system could still co-exist as an option. The aim of the new system being to allow anyone to log on with just one click, from any location / device on any website, without having to remember a bunch of (often) weak passwords.

Drawback: it would require tremendous amount of computer power to analyze any image / sound file or fingerprint data (whenever someone logs in on any system), to transform the signal into a (say 128 bytes) signature, then match that encrypted signature against a database of recorded (voice / image) signatures to make sure that the attempted login is really from you.

I would imagine that some sites may take advantage of this, but not all of them will. Not everyone has a camera, or microphone, nor do they want one. Some people have voice changes, especially early in morning, so how would that be overcome? I don't want my fingerprints being readily available. I personally do not even want a touchscreen. Talk about a messy screen, or the ergonomics involved. None of this is disability friendly. I'm just being the Devil's Advocate here, and trying to prevent abuse. It's bad enough when soneone steals your identity, but can you imagine if they get a hold of more data about you?

Thanks Steven. I fixed the typo. I wish it would be automatically fixed as you type, but so many systems are terrible at guessing and fixing typos, that it's better not to have an auto-corrector. Also, auto-corrector are used by criminals in foreign countries, who can't write proper English, but rely on this technology to avoid easy detection. This is why auto-correction is no longer available on public message boards, so that users can more easily identify scams and other fraud.

Dr. Steven Struhl said:

Maybe typing itself is dead or dying--with all due respect, I did notice a typo in your headline.

@Carla: When I initially wrote this article, I was thinking at the end-user (not the corporations or government), who don't remember login / passwords unless using password systems that are weak and subject to hijacking and ID theft, or complicated login / password management systems.

Of course my proposed new digital signature system could lead to abuse (by government?), thus my idea NOT to force it on users, but instead allow users to select how they want to log on (voice or face signature, touch-screen fingerprinting, or just plain old-fashioned login / passwords consisting of typed text).

About the issue of "voice change", the problem consists of identifying very robust metrics that will make a signature to be consistently reliable. It must be tested using statistical design of experiments before a final voice signature (set of metrics) is identified, a voice signature system that fails less than 0.1% of the time on 99% of all users. And maybe none exist.

Carla R. Ackley said:

I would imagine that some sites may take advantage of this, but not all of them will. Not everyone has a camera, or microphone, nor do they want one. Some people have voice changes, especially early in morning, so how would that be overcome? I don't want my fingerprints being readily available. I personally do not even want a touchscreen. Talk about a messy screen, or the ergonomics involved. None of this is disability friendly. I'm just being the Devil's Advocate here, and trying to prevent abuse. It's bad enough when soneone steals your identity, but can you imagine if they get a hold of more data about you?

Do you use the same password to log into your bank account and to log into twitter? Following the same logic, I don't think you will want to use the same biometrics you will be using to identify yourself at country boarders, your bank, etc, to login to your various other services.

However now that I am thinking about it I can see a central service like PayPal, which you trust with your various biometrics, and is used to verify you by other websites.

Also another point: how many people currently with fingerprint readers on their laptops use them to log into their systems? I don't.

@Carla: When I initially wrote this article, I was thinking at the end-user (not the corporations or government), who don't remember login / passwords unless using password systems that are weak and subject to hijacking and ID theft, or complicated login / password management systems.

Of course my proposed new digital signature system could lead to abuse (by government?), thus my idea NOT to force it on users, but instead allow users to select how they want to log on (voice or face signature, touch-screen fingerprinting, or just plain old-fashioned login / passwords consisting of typed text).

About the issue of "voice change", the problem consists of identifying very robust metrics that will make a signature to be consistently reliable. It must be tested using statistical design of experiments before a final voice signature (set of metrics) is identified, a voice signature system that fails less than 0.1% of the time on 99% of all users. And maybe none exist.

Carla R. Ackley said:

I would imagine that some sites may take advantage of this, but not all of them will. Not everyone has a camera, or microphone, nor do they want one. Some people have voice changes, especially early in morning, so how would that be overcome? I don't want my fingerprints being readily available. I personally do not even want a touchscreen. Talk about a messy screen, or the ergonomics involved. None of this is disability friendly. I'm just being the Devil's Advocate here, and trying to prevent abuse. It's bad enough when soneone steals your identity, but can you imagine if they get a hold of more data about you?

As far as NLP for voice recognition...well many of us are probably a bit wary of 'Siri', although 'she' is arguably not the forefront of NLP. But just for argument's sake, I believe this is a realistic idea, but perhaps slow to adoption. I think face recognition has also come a long way, and AFAIK not as prone to mismatch error as voice (fewer dynamics in the fingerprint of facial features).

One thing that used to be available on many laptops were fingerprint readers. I thought they were quite nifty and secure, though fingerprint data would not likely have has much a volume of coded data as something like a color image. Although one pertinent question here is, "How much is really necessary?". So encode and encrypt data from 10 fingerprints and each login asks for a random 2. I would think that a fairly sufficient way to validate a user and avoid the issues we're talking about. Plus, AFAIK mere spatial data (depending on how many points you intend to fit, and the precision of those measurements) can be compressed far more easily than color image data.